I think it depends on the OEM. There are factors such as whether the device storage is encrypted by default, whether the bootloader is locked by default, what kind of security hardware is available on the SoC and whether it is used, whether exploits are patched, whether there is a continuing roll out for discovered exploits, whether updates are automatically installed w/o authentication, whether the baseband contains known exploits and attack vectors (cough), etc.

So there's no one answer because there's no one Android device and many phone OEMs (and the manufacturers of the underlying hardware platform) may be implementing security to different degrees. Though many of these considerations do have google guidelines and policies in place, some of which may be enforceable via google compatibility tests, there is a wide spectrum of what you can expect from Android generally speaking I think.

You might look to Google's policies and recommendations, and more importantly their Nexus devices themselves as models for what they consider best practices to be. Then there is blackphone and other distros that have security as their primary focus, so they may be good to consider as well.

So, you see-- Snowden has "blood on his hands" for making terrorists aware of encryption, which they knew about for decades, so they could use it, which they didn't. And thank goodness for that, because if they had used encryption, the attacks might have been successful, which they were.

This sounds like the comments of someone obviously blind to the realities of stepping into a hostile crowd alone.

Yes, there is an escalating war against the police. In fact, with one shooting per week in 2015, it is a very dangerous time to be a.. toddler? (checks link) Wow.

In America, more preschoolers are shot dead each year (82 in 2013) than police officers are in the line of duty (27 in 2013), according to figures from the Centers for Disease Control and Prevention and the FBI.

(3) incidence of serious hacks skyrockets as people are unable to update their routers and other network-enabled devices.

(4) legislators react to spike in online crime/tragedies not by undoing (1)-(3) but with "get tough" anti-"hacking" laws that chill research and throw people in jail for minor transgressions, research, clock-building, vulnerability disclosure, security tools, or a anything not understood that politicians and aggressive prosecutors could perceive as "hacking".

(5) The problem gets MUCH MUCH worse as a result. Bright minds are tossed into jail, open research is chilled, and online crime continues to skyrocket.